Overview

overview

7

Static

static

3

3ca5696469...47.exe

windows7-x64

7

3ca5696469...47.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/05/2024, 08:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ca56964695e70a31185887f7db5081392aaf9a995c6044ab7d69e9880c3bd47.exe

  • Size

    16KB

  • MD5

    3f6ea75fa74db6f41978a8d64463adf8

  • SHA1

    e958acc15f821645d126b737b95a4a3509a5aba6

  • SHA256

    3ca56964695e70a31185887f7db5081392aaf9a995c6044ab7d69e9880c3bd47

  • SHA512

    bdbc58f07cc0ae6ec51cec1b195b16cdd984ddb8ccabd7f7692762f1b413d841f5a206bb7611df2e556d4ec5da48f7de2abbb3b95349d2ba68f2f78ad65d9e61

  • SSDEEP

    192:nx+uPBkqyIfgm64++u6gzYMzZ0dqsEq65+O0I5L0pJ/WDvd0EtITbKH62RTs2/f+:x+uPfoQ+DfYMzKdPEsOuubuEG3KHM2/m

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ca56964695e70a31185887f7db5081392aaf9a995c6044ab7d69e9880c3bd47.exe
    "C:\Users\Admin\AppData\Local\Temp\3ca56964695e70a31185887f7db5081392aaf9a995c6044ab7d69e9880c3bd47.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1280
    • C:\Windows\svhost.exe
      "C:\Windows\svhost.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2508

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    338KB

    MD5

    9e2efe85e70d64f8ce1e5c21c4e692dc

    SHA1

    7c68d72891c640a5c205a7967653227819cd1152

    SHA256

    2e8d11e828d2b21a0ca12493f39f8478aefb58d1c92d7ef312f87be866cce313

    SHA512

    142c3c00bfb7f2f67e9254dc45f676a746e11e258988b7cbdb9f4614c99153ccef9c370b08c601cafda436099c4bcfe51c2412b70fa7f8d27db3a7313506750f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\xKsx2k43WUT7huy.exe
    Filesize

    16KB

    MD5

    b4c51ff23050d368e11c8a91aa1ec107

    SHA1

    d694ca94c0f870e4d91119a6e1a06def9f3a5de8

    SHA256

    f8a243554d9ee7d0f6e3b1b3947c88a119d5966322edcea03aaa507e81ed1699

    SHA512

    67e3a247f238d3ddb8b8563ad8bc7e9fea85e66b5ffeab6fc14a18ff2fc650201ce91f043cc4bb18d77c8521a5647c51be34880b9b80ae2d468e82b0c1570bc1

    Download Submit

  • C:\Windows\svhost.exe
    Filesize

    16KB

    MD5

    76fd02b48297edb28940bdfa3fa1c48a

    SHA1

    bf5cae1057a0aca8bf3aab8b121fe77ebb0788ce

    SHA256

    07abd35f09b954eba7011ce18b225017c50168e039732680df58ae703324825c

    SHA512

    28c7bf4785547f6df9d678699a55cfb24c429a2bac5375733ff2f760c92933190517d8acd740bdf69c3ecc799635279af5d7ebd848c5b471318d1f330c441ff0

    Download Submit